What is the severity of CVE-2009-1960?

CVE-2009-1960 has a moderate severity rating as it allows remote attackers to execute arbitrary local files if register_globals is enabled.

How do I fix CVE-2009-1960?

To fix CVE-2009-1960, disable register_globals in the PHP configuration and update to a secure version of DokuWiki.

Which versions of DokuWiki are affected by CVE-2009-1960?

CVE-2009-1960 affects DokuWiki versions rc2009-02-06, 2009-02-14, and rc2009-01-30.

Can CVE-2009-1960 lead to remote file inclusion?

Yes, CVE-2009-1960 can allow remote file inclusion if the server is running an affected version of DokuWiki with register_globals enabled.

What are the potential consequences of CVE-2009-1960?

The potential consequences of CVE-2009-1960 include unauthorized access to sensitive files and the execution of malicious code on the server.

Vulnerability/
CVE-2009-1960

critical

9.3

CWE

8/6/2009

7/11/2023

CVE-2009-1960: Code Injection

First published: Mon Jun 08 2009(Updated: )

inc/init.php in DokuWiki 2009-02-14, rc2009-02-06, and rc2009-01-30, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via the config_cascade[main][default][] parameter to doku.php. NOTE: PHP remote file inclusion is also possible in PHP 5 using ftp:// URLs.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
DokuWiki	=2009-02-14
DokuWiki	=rc2009-01-30
DokuWiki	=rc2009-02-06

Remedy

http://bugs.splitbrain.org/index.php?do=details&task_id=1700

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2009-1960?
CVE-2009-1960 has a moderate severity rating as it allows remote attackers to execute arbitrary local files if register_globals is enabled.
How do I fix CVE-2009-1960?
To fix CVE-2009-1960, disable register_globals in the PHP configuration and update to a secure version of DokuWiki.
Which versions of DokuWiki are affected by CVE-2009-1960?
CVE-2009-1960 affects DokuWiki versions rc2009-02-06, 2009-02-14, and rc2009-01-30.
Can CVE-2009-1960 lead to remote file inclusion?
Yes, CVE-2009-1960 can allow remote file inclusion if the server is running an affected version of DokuWiki with register_globals enabled.
What are the potential consequences of CVE-2009-1960?
The potential consequences of CVE-2009-1960 include unauthorized access to sensitive files and the execution of malicious code on the server.

agent/severity
agent/weakness
agent/references
agent/author
agent/type
agent/description
agent/event
agent/softwarecombine
agent/last-modified-date
agent/remedy
agent/first-publish-date
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
collector/nvd-api
collector/nvd-historical
vendor/dokuwiki
canonical/dokuwiki
version/dokuwiki/2009-02-14
version/dokuwiki/rc2009-01-30
version/dokuwiki/rc2009-02-06

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.